Security Alert

Beware of the Modern Holiday Grinch – the Phish

In 1957 Dr. Seuss wrote of a villain who stole holiday boxes and packages, but today villains are out for more than precious gifts and who-pudding. Cyber hackers take advantage of holiday shoppers and see the holiday season as an ideal time to steal credit card information and sensitive data. This holiday season, follow these tips from The Office of Information Technology to keep your information safe online.

Holiday Cyber Tips

Shopping Tips

Use credit cards rather than debit cards when shopping online. If your information is compromised, a credit card company may be quicker to refund your credit than a bank would be to issue a refund from your checking account.

When you’re shopping online, make sure you are shopping on a secure site. The URL should include “https.” The “s” stands for secure. It should also have a lock icon in the URL bar.

Use a personal email for shopping online. Use your Gmail, Yahoo or other personal account for your online shopping. Do not open up your ua.edu or crimson.ua.edu account to unnecessary threats.

If your bank or credit card company offers two-factor authentication, like DUO, use it! Many online banking sites offer two-factor verification. Bank of America, Capital One, Chase, Discover and Wells Fargo all offer two-factor authentication. Check your bank’s website to learn more.

Keep an Eye Out for Phishy Emails

Check the from email address. If you receive a purchase confirmation or tracking number via email, it should have the company’s name in the “from” email address. For example, if you receive an email from UPS alerting you that your package has shipped, it should come from ups.com.

Hover before you click. When you do get a confirmation or tracking email, hover over a link before clicking it. This will show you where a link is taking you before you go. This also works on your phone or tablet – just hold your thumb on the link and a bubble will appear with the URL.

Add DUO to a New Device

If you made the nice list, and receive a new smartphone or tablet over the holiday break, be sure to add the device to your DUO account to enable it for two-factor authentication. Step-by-step instructions are available at https://oit.ua.edu/service/duo-tutorials/

Stay smart and safe online this holiday season. The IT Service Desk will be closed Dec. 21, 2016, through Jan. 2, 2017. For more information, visit oit.ua.edu/security.

OIT adds DUO to UA Faculty and Staff Webmail

Effective Wednesday, Nov. 8, 2017, OIT will add DUO two-factor authentication to OIT-supported faculty and staff Webmail accounts.

If you are an active DUO user with an OIT-supported email address, DUO will be applied to your online UA Exchange Webmail account. Your email will be better protected under the same two-factor authentication that your myBama account currently receives.

When you visit webmail.ua.edu to check email, you will see the standard DUO prompt that you see when logging into myBama. You will follow the same procedure as you typically would when logging into myBama. You can also use the “Remember Me for 30 Days” feature.

If you use a desktop or smartphone mail application (such as Outlook or your device’s standard Mail app) for your UA Exchange Mail, you will not notice any change. You will be able to use your mailbox as you typically would. This will not impact departmental or shared email accounts accessed through Webmail.

By adding DUO two-factor authentication to Webmail, OIT can better protect UA faculty and staff inboxes from cyberattacks. Please visit oit.ua.edu/duo to see answers to frequently asked questions, and contact the IT Service Desk at 205-348-5555 or itsd@ua.edu with additional questions.

October 26 Student Phishing Attempt

On Thursday, October 26, 2017, many UA students received a phishing email with the subject line “Mail Notice.”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns at 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

[Screenshot: Phishing Attempt]

October 26 Phishing Attempt

On Thursday, October 26, 2017, many UA employees received a phishing email with the subject line “Emergency Notification.”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns at 205-348-5555 or itsd@ua.edu.

[Screenshot: Phishing Attempt]

Cybersecurity: Keeping Your Personal Identity Personal

Cybersecurity is an evolving field. As security professionals find new solutions and strategies to block attacks, hackers are creating new approaches to discover sensitive data. If one thing is certain about the field of cybersecurity, it’s that it’s not going anywhere. 
Cyber Security Tips

UA’s Office of Information Technology has a few tips to ensure your sensitive data is always protected.

  • Passwords are still important. Choose a strong password. OIT recommends that passwords be 12 characters or more, with a mixture of uppercase and lowercase letters, numbers and special characters. Use a phrase that’s easy for you to remember, harder for someone else to figure out. If two-factor authentication is offered, use it. Gmail, iCloud and many banks now offer two-factor authentication.
  • Consider establishing a credit freeze, and monitor your credit. You can easily establish a credit freeze with the four major credit bureaus: Equifax, Experian, TransUnion and Innovis. A credit freeze does not impact your credit score; it simply makes it more difficult for identity thieves to open new accounts in your name. Sometimes there is a fee for this service, but it is usually $10 or less.
  • Remember the red flags of phishing. As we approach the holiday season, the phishers will be in full force attempting to steal your sensitive data. Remember to hover over links before you click, and check that the “from” email address matches the “from” name. For example, if you receive a tracking email from UPS, the email should come from a ups.com email address.
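
The two manual checks described in “Keep an Eye Out for Phishy Emails” and in the red-flags tip above (look at the “from” address, hover over links) can also be run automatically over a saved message. The Python below is an added example, not OIT code; the sample messages, the .example domains and the function names are constructed for illustration. It compares the sender domain and each link's real destination against the expected company domain, and it matches whole domain labels so that a lookalike host such as ups.com.tracking.example does not pass.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    """Records the real destination (href) of each link, which is what hovering reveals."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def red_flags(raw_email, expected_domain):
    """List the findings for a message that claims to come from expected_domain."""
    msg = message_from_string(raw_email)
    findings = []
    addr = parseaddr(msg.get("From", ""))[1]  # drop the display name, keep the address
    if not in_domain(addr.rpartition("@")[2], expected_domain):
        findings.append(f"from address is {addr!r}, not {expected_domain}")
    links = LinkCollector()
    links.feed(msg.get_payload())
    for href in links.hrefs:
        host = urlsplit(href).hostname
        if not in_domain(host, expected_domain):
            findings.append(f"link goes to {host!r}, not {expected_domain}")
    return findings

# Constructed sample messages (not the emails from any alert on this page).
PHISH = """From: UPS Tracking <tracking@ups-delivery.example>
Content-Type: text/html

<a href="http://ups.com.tracking.example/login">https://www.ups.com/track</a>
"""
GENUINE = """From: UPS <notify@ups.com>
Content-Type: text/html

<a href="https://www.ups.com/track">Track your package</a>
"""

if __name__ == "__main__":
    print("\n".join(red_flags(PHISH, "ups.com")))
```

In the constructed phishing sample the visible link text shows a ups.com address while the href points elsewhere, which is exactly the mismatch that hovering exposes.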

October is National Cyber Security Awareness Month. To see all of the tips OIT has shared on cybersafety, visit oit.ua.edu/news.

Cyber Security Awareness Month – Why DUO?

The University of Alabama now has more than 40,000 DUO users. To better understand the need for DUO, this week we’re sharing facts about what we’re doing to protect UA against cyber attacks. 

Cyber Map

More than 9,100 student accounts at The University of Alabama have been compromised in the last four years. In most instances, the compromise occurred because of phishing attempts and weak passwords. Passwords alone are simply not strong enough to protect the sensitive data held within myBama accounts.

OIT implemented DUO to add a second layer of security to myBama accounts. With DUO, cyber attackers cannot gain access to your myBama account unless they have your username, your password and your DUO-registered device.

The University of Alabama also blocks 105,000 cyber attacks each and every minute. These attacks originate from across the globe. Hackers want the sensitive data held within your myBama account. Protect your myBama account against attacks and phishing emails with DUO two-factor authentication. Get started at duo.ua.edu.

October is National Cyber Security Awareness Month. OIT will be posting cyber safety information throughout the month. For more information about Cyber Security Awareness Month, visit The National Cyber Security Alliance’s website https://staysafeonline.org.

Oct. 10, 2017 Phishing Attempt

On Tuesday, October 10, 2017, many UA employees received a phishing email with the subject line “RE: Microsoft outlook account unusual sign-in activity.”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns at 205-348-5555 or itsd@ua.edu.

[Screenshot: Oct 10 Phishing Attempt]

Equifax Cyber Breach: What You Need to Know

Mass cyber breaches, like the recent Equifax security breach, can be intimidating and alarming. In this week’s cyber security tip, we provide tips for users affected by commercial cyber breaches.

Cyber Breaches - What you should know

In situations like the Equifax cyber breach, it is best to follow the news and recommendations from the organization affected. However, there are a few additional things that you can do to better protect your credit score and your online identity.

  • One tip is to establish a credit freeze with all four credit agencies – Equifax, TransUnion, Experian and Innovis. By initiating a credit freeze, or security freeze, you will restrict access to your credit report, making it more difficult for identity thieves to open up new accounts in your name. A credit freeze does not impact your credit score. You may simply contact each credit reporting company to establish the freeze. Sometimes there is a fee for this service, but it is usually $10 or less.
  • You also should regularly monitor your credit and your online banking accounts to ensure their security.
  • Regularly change your passwords, and, if it is offered, use two-factor authentication. Many banking and investing websites have employed two-factor authentication to better protect their users.

October is National Cyber Security Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cyber Security Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.

Oct. 4 Student Phishing Attempt

On Thursday, October 4, 2017, many UA students received a phishing email with the subject line “Important Notice” or “Important Mail Notice.”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns at 205-348-5555 or itsd@ua.edu.

Below are screenshots of the emails.

[Screenshot: Phishing Attempt]

[Screenshot: phishing attempt]

September 14 Phishing Attempt

On Thursday, September 14, 2017, many UA students, faculty and staff received a phishing email with the subject line “Your account has been queued for deletion.”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns at 205-348-5555 or itsd@ua.edu.

Screenshot of phishing attempt